Malicious software and viruses can be quite cunning in the way they get themselves on to your computer. And if something does get past the security software, it can sometimes be quite difficult to know anything is there because it will sit in the background going about its business. One of the common areas of your PC malware will try to get access to, is the network connection to the outside world, transmitting private information from your system or receiving more malicious code from untrusted sources.
An important area of concern on networks is watching for unauthorized access on the TCP and UDP ports. Unauthorized open ports are a major security risk and leave the system prone and vulnerable to attack. A number of Windows programs and services listen on the network for incoming connections, but any other non essential connections need to remain closed as a precaution which helps to avoid anything sneaking in under the radar.
Some Firewalls can give you an idea which ports are open and what processes are currently listening for a connection, and the DOS command ‘netstat’ can also give you a rough idea, but it’s not in a particularly user friendly format. CloseTheDoor is a utility designed to display all TCP and UDP ports that are currently listening for connections and the connected processes and services. There are numerous options available for dealing with processes which you think might not be desirable. ClosetheDoor is available in installable or portable 7zip versions and needs no adminstrator rights to function.
The programs main window lists all processes and services current listening for incoming connections on the system. All relevant information is also listed including; the network interface and listening ports, the protocol (TCP/UDP v4 or v6), the associated process and its ID, any connected services, and information like company, product and description relating to the executable file. Malicious processes will often have no description or product information so this could be something to keep in mind when looking at the list.
The good thing about this little utility is there are a lot of helpful web resources built into the menus to help you gather as much information as possible about the process or port in use. Right clicking an entry will bring up a menu giving you three main options for dealing the process.
They are for opening a folder at the process location, terminating the process or listing and manipulating the connected services. Any service can be stopped, disabled or uninstalled so this option needs to be handled with care. As you can see from the menu, there are a number of options for you to gather more information about the port or process from a Google search or Wikipedia. The Port Authority Database will give more details about the port. Checking the usage statistics of the port can be useful because a sudden surge in activity could possibly mean a new piece of malware is attacking multiple systems.
There is a lot of helpful information and shortcuts to commonly used system tools available in the menu’s:
The ‘File’ menu allows for the export of the results into a CSV file, and there is an option to display a brief summary of all the listening endpoints for each connection.
The ‘Tools’ menu allows for quick access to (component) Services, Task Manager, Network Connections, MSConfig, Regedit and Local security settings. ‘Commands’ will open and export Network statistics, Task Statistics and Environment variables into a text file.
The ‘Internet References’ menu gives quick access to several website links covering a number of important topics that deserve further reading. There is comprehensive information concerning ports and their numbers, services information from Black Viper, Firewall and TCP/IP help from Microsoft and even GRC.com’s ShieldsUp! for checking the security vulnerabilities of your connection.
Because of sheer amount of help and information available at the click of a button, and it’s small and compact nature and effectiveness, CloseTheDoor is certainly a worthwhile addition to any USB toolkit.
Compatible with Windows XP, Vista, 7 (Requires .NET Framework 3.5)
Related posts: